
Commit 73e0512

committed
handle failures creating csrs
1 parent 7ee8d53 commit 73e0512


2 files changed

+21
-17
lines changed


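--- a/src/csr.ml
+++ b/src/csr.ml
@@ -17,12 +17,14 @@ let csr org cn bits certfile keyfile =
 Relative_distinguished_name.(singleton (O org)) ;
 ]
 in
-let csr = X509.Signing_request.create dn privkey in
-let csr_pem = X509.Signing_request.encode_pem csr in
-let key_pem = X509.Private_key.encode_pem privkey in
-match (write_pem certfile csr_pem, write_pem keyfile key_pem) with
-| Ok (), Ok () -> Ok ()
-| Error str, _ | _, Error str -> Error str
+match X509.Signing_request.create dn privkey with
+| Error _ as e -> e
+| Ok csr ->
+let csr_pem = X509.Signing_request.encode_pem csr in
+let key_pem = X509.Private_key.encode_pem privkey in
+match (write_pem certfile csr_pem, write_pem keyfile key_pem) with
+| Ok (), Ok () -> Ok ()
+| Error str, _ | _, Error str -> Error str
 
 let csr_t = Term.(term_result (pure csr $ org $ common_name $ length $ certfile $ keyfile))
 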
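Review bot: Both writes in `match (write_pem certfile csr_pem, write_pem keyfile key_pem) with` are still attempted unconditionally, because the tuple is built before it is matched; a failed CSR write can therefore leave the freshly generated private key on disk with no matching request, and only one of the two errors is reported. OCaml does not specify tuple evaluation order, so which file is written first is not fixed either. Sequencing the writes makes the failure path explicit, for example `match write_pem certfile csr_pem with Error _ as e -> e | Ok () -> write_pem keyfile key_pem`. Whether write_pem creates keyfile with owner-only permissions is not visible here and is worth confirming. The same tuple appears in the src/selfsign.ml section, and csr's body starts above this hunk.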

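--- a/src/selfsign.ml
+++ b/src/selfsign.ml
@@ -7,17 +7,19 @@ let selfsign name bits days is_ca certfile keyfile =
 and issuer =
 [ X509.Distinguished_name.(Relative_distinguished_name.singleton (CN name)) ]
 in
-let csr = X509.Signing_request.create issuer (`RSA privkey) in
-let ent = if is_ca then `CA else `Server in
-match Common.sign days (`RSA privkey) (`RSA (Mirage_crypto_pk.Rsa.pub_of_priv privkey)) issuer csr [] ent with
-| Ok cert ->
-let cert_pem = X509.Certificate.encode_pem cert in
-let key_pem = X509.Private_key.encode_pem (`RSA privkey) in
-(match write_pem certfile cert_pem, write_pem keyfile key_pem with
-| Ok (), Ok () -> Ok ()
-| Error str, _
-| _, Error str -> Error str)
-| Error str -> Error str
+match X509.Signing_request.create issuer (`RSA privkey) with
+| Error _ as e -> e
+| Ok csr ->
+let ent = if is_ca then `CA else `Server in
+match Common.sign days (`RSA privkey) (`RSA (Mirage_crypto_pk.Rsa.pub_of_priv privkey)) issuer csr [] ent with
+| Error _ as e -> e
+| Ok cert ->
+let cert_pem = X509.Certificate.encode_pem cert in
+let key_pem = X509.Private_key.encode_pem (`RSA privkey) in
+(match write_pem certfile cert_pem, write_pem keyfile key_pem with
+| Ok (), Ok () -> Ok ()
+| Error str, _
+| _, Error str -> Error str)
 
 let certfile =
 let doc = "Filename to which to save the completed certificate." in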
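Review bot: The `match Common.sign … with` that now sits under `| Ok csr ->` is not parenthesized, although the innermost write_pem match is, so any arm later appended to the outer match on X509.Signing_request.create would be parsed as an arm of the Common.sign match. It is correct today only because `| Ok csr ->` is the last arm. Wrapping that arm's body in `( … )` or `begin … end` would remove the hazard. Chaining the fallible steps with `Result.bind` would also keep the nesting from growing with each new step, provided the error types of create, Common.sign and write_pem agree, which the hunk does not show. selfsign's body starts above the hunk.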
